Remote Code Execution Zero-Day Reported in PAN-OS 8.1 VPN Portal
Overview
Researchers have published an advisory for a memory corruption vulnerability (CVE-2021-3064) in the Palo Alto Networks GlobalProtect portal.
The bug has been fixed since PAN-OS version 8.1.17, but information about CVE-2021-3064 was not released until recently.
Shodan shows tens of thousands of devices currently vulnerable.
Impact
A remote, unauthenticated attacker would be able to execute code on a vulnerable device and from there, gain access to the rest of the network.
Vulnerability Detection
Check the running version of PAN-OS.
Affected Products
PAN-OS 8.1 versions earlier than 8.1.17
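The version check above can be run across a fleet once each device's `show system info` output has been collected. The script below is an added example, not code from the advisory or from Palo Alto Networks; the function names, status labels and sample inventory are assumptions made for illustration.

```python
import re

# From the advisory: PAN-OS 8.1 versions earlier than 8.1.17 are affected.
AFFECTED_TRAIN = (8, 1)
FIXED_MAINTENANCE = 17

# major.minor.maintenance, optionally followed by a hotfix suffix such as -h3
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h\d+)?$")


def extract_sw_version(show_system_info):
    """Return the sw-version value from 'show system info' output, or None."""
    for line in show_system_info.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip() == "sw-version":
            return value.strip()
    return None


def classify(version):
    """Map a PAN-OS version string to affected / fixed / not-listed / unknown."""
    match = VERSION_RE.match(version or "")
    if not match:
        return "unknown"  # missing or unparseable: check the device by hand
    major, minor, maintenance = (int(g) for g in match.groups())
    if (major, minor) != AFFECTED_TRAIN:
        return "not-listed"  # release train not named under Affected Products
    # A hotfix build of 8.1.16 or below is still earlier than 8.1.17.
    return "affected" if maintenance < FIXED_MAINTENANCE else "fixed"


def triage(inventory):
    """inventory: {device name: 'show system info' text} -> {device name: status}."""
    return {name: classify(extract_sw_version(text)) for name, text in inventory.items()}


# Constructed sample data; hostnames and versions are made up for illustration.
SAMPLE_INVENTORY = {
    "fw-edge-01": "hostname: fw-edge-01\nsw-version: 8.1.16\n",
    "fw-edge-02": "hostname: fw-edge-02\nsw-version: 8.1.15-h3\n",
    "fw-core-01": "hostname: fw-core-01\nsw-version: 8.1.17\n",
    "fw-lab-01": "hostname: fw-lab-01\nsw-version: 9.0.14\n",
    "fw-old-01": "hostname: fw-old-01\nfamily: vm\n",
}

if __name__ == "__main__":
    for device, status in triage(SAMPLE_INVENTORY).items():
        print(f"{device}: {status}")
```

Devices reported as `unknown` returned no parseable `sw-version` line and need a manual check rather than being treated as safe.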
Containment, Mitigations & Remediations
PAN Threat Prevention Signatures (IDs 91820 and 91855) can be used to block the traffic.
Indicators of Compromise
None listed.
Threat Landscape
VPNs are attractive targets for threat actors because they act as a front door to the rest of the network.
There are no reports of exploitation, and no proof-of-concept code has been released yet, but the researchers note that proof-of-concept code is likely to be released soon.
MITRE Methodologies
T1190 – Exploit Public-Facing Application
Further Information
Zero-Day Disclosure: Palo Alto Networks GlobalProtect VPN CVE-2021-3064